Add latest changes from gitlab-org/gitlab@13-2-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-08-05 21:10:10 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-08-05 21:10:10 +0300
commit: ea4766228b5536c83f1917d6058be913472ffa2d (patch)
tree: 5ebf5ea0f996be6c6908e6b631b72c33bc13e997 /app/services
parent: 4b64dc27ae5bac20dec888431c236fef2bfdc449 (diff)
3 files changed, 29 insertions, 7 deletions
diff --git a/app/services/authorized_project_update/project_group_link_create_service.rb b/app/services/authorized_project_update/project_group_link_create_service.rb
index db2db091374..090b22a7820 100644
--- a/app/services/authorized_project_update/project_group_link_create_service.rb
+++ b/app/services/authorized_project_update/project_group_link_create_service.rb
@@ -6,9 +6,10 @@ module AuthorizedProjectUpdate
 
     BATCH_SIZE = 1000
 
-    def initialize(project, group)
+    def initialize(project, group, group_access = nil)
       @project = project
       @group = group
+      @group_access = group_access
     end
 
     def execute
@@ -19,19 +20,20 @@ module AuthorizedProjectUpdate
         user_ids_to_delete = []
 
         members.each do |member|
+          new_access_level = access_level(member.access_level)
           existing_access_level = existing_authorizations[member.user_id]
 
           if existing_access_level
             # User might already have access to the project unrelated to the
             # current project share
-            next if existing_access_level >= member.access_level
+            next if existing_access_level >= new_access_level
 
             user_ids_to_delete << member.user_id
           end
 
           authorizations_to_create << { user_id: member.user_id,
                                         project_id: project.id,
-                                        access_level: member.access_level }
+                                        access_level: new_access_level }
         end
 
         update_authorizations(user_ids_to_delete, authorizations_to_create)
@@ -42,7 +44,15 @@ module AuthorizedProjectUpdate
 
     private
 
-    attr_reader :project, :group
+    attr_reader :project, :group, :group_access
+
+    def access_level(membership_access_level)
+      return membership_access_level unless group_access
+
+      # access level must not be higher than the max access level set when
+      # creating the project share
+      [membership_access_level, group_access].min
+    end
 
     def existing_project_authorizations(members)
       user_ids = members.map(&:user_id)
diff --git a/app/services/groups/transfer_service.rb b/app/services/groups/transfer_service.rb
index fbbf4ce8baf..f2fb494500d 100644
--- a/app/services/groups/transfer_service.rb
+++ b/app/services/groups/transfer_service.rb
@@ -37,6 +37,7 @@ module Groups
 
     # Overridden in EE
     def post_update_hooks(updated_project_ids)
+      refresh_project_authorizations
     end
 
     def ensure_allowed_transfer
@@ -121,6 +122,16 @@ module Groups
       @group.add_owner(current_user)
     end
 
+    def refresh_project_authorizations
+      ProjectAuthorization.where(project_id: @group.all_projects.select(:id)).delete_all # rubocop: disable CodeReuse/ActiveRecord
+
+      # refresh authorized projects for current_user immediately
+      current_user.refresh_authorized_projects
+
+      # schedule refreshing projects for all the members of the group
+      @group.refresh_members_authorized_projects
+    end
+
     def raise_transfer_error(message)
       raise TransferError, localized_error_messages[message]
     end
diff --git a/app/services/projects/group_links/create_service.rb b/app/services/projects/group_links/create_service.rb
index 3c3cab26fb5..3fcc721fe65 100644
--- a/app/services/projects/group_links/create_service.rb
+++ b/app/services/projects/group_links/create_service.rb
@@ -13,7 +13,7 @@ module Projects
         )
 
         if link.save
-          setup_authorizations(group)
+          setup_authorizations(group, link.group_access)
           success(link: link)
         else
           error(link.errors.full_messages.to_sentence, 409)
@@ -22,9 +22,10 @@ module Projects
 
       private
 
-      def setup_authorizations(group)
+      def setup_authorizations(group, group_access = nil)
         if Feature.enabled?(:specialized_project_authorization_project_share_worker)
-          AuthorizedProjectUpdate::ProjectGroupLinkCreateWorker.perform_async(project.id, group.id)
+          AuthorizedProjectUpdate::ProjectGroupLinkCreateWorker.perform_async(
+            project.id, group.id, group_access)
 
           # AuthorizedProjectsWorker uses an exclusive lease per user but
           # specialized workers might have synchronization issues. Until we
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-08-05 21:10:10 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-08-05 21:10:10 +0300
commit	ea4766228b5536c83f1917d6058be913472ffa2d (patch)
tree	5ebf5ea0f996be6c6908e6b631b72c33bc13e997 /app/services
parent	4b64dc27ae5bac20dec888431c236fef2bfdc449 (diff)